ezsystems/ezplatform-rest Security Advisories for v1.3.0-rc1 (2)
[HIGH] User can obtain JWT token even if account is disabled
PKSA-kvbv-3c4f-djwp GHSA-36mj-6r7r-mqhf
Affected version: >=1.3.0,<1.3.8
Reported by: GitHub

[HIGH] /user/sessions endpoint allows detecting valid accounts
PKSA-7wh2-f7yz-bpp1 GHSA-7vwg-39h8-8qp8
Affected version: >=1.3.0,<=1.3.1.0|>=1.2.0,<=1.2.2.0
Reported by: GitHub